– – Another Attempted Paypal Fraud

By | December 14, 2011

Phishing fraudsters pretending to be from Paypal email me most days. Sometimes, they even have my real name (eBay transactions with the Muslim community is usually to blame for the name getting out there). However, you likely landed here after Googling “” or “”

Paypal do not send out emails from a “” address – certainly not a fake one. The domain is a site about lock-picking Medeco locks (whatever they are). Nothing to do with Paypal anyway.

This email comes addressed to “Dear Paypal Customer” – which is wrong. Paypal know your name. If they are writing to you, they will use it.

Apart from the bullsh*t domain, wrong email and not knowing the name of the customer, this one has other howlers: Sending attachments – Paypal don’t do that. Specifying which browser you must open the attachment with – yeah, Paypal don’t do that either. That just means the virus they are sending you only works in insecure browsers. Spelling mistakes: A true sign of a non-English speaking scammer. I wont highlight them so they cannot correct them when they read this.

So, here is the email:

Dear PayPal Customer,

You have added as a new email address for your Paypal account.

If you did not authorize this change, check with family members and others who may have access to your account first. If you still feel that an unauthorized person has changed your email, submit the form attached to your email in order to keep your original email and restore your Paypal account.

NOTE: The form needs to be opened in a modern browser which has javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9)

Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

If you choose to ignore our request, you leave us no choice but to temporary suspend your account.

Sincerely, PayPal Account Review Department.

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the “Help” link in the footer of any page.

Copyright © 1999-2011 PayPal. All rights reserved.

All rubbish of course. DO NOT open the attachment called “PersonalProfileForm-payPal.htm” – that is full of viruses! If you did, change your Paypal passwords immediately and do a virus check on your computer.

So lets see where this fake email was sent from:

It comes from the IP which is traced to a company called Allen Linen in North Brunswick in the USA.

Here is their contact details:

Allen Linen Supply
407 20th Ave.
Paterson, NJ 07513
Phone: (973) 742-6131

Why not contact them and ask why someone is sending phishing emails off their server? That is surely a crime in the land of the free.

However, more digging reveals that “” is the sender. That resolves to someone in Barnaul in Russia but has Singapore tags on it. The plot thickens when “” is introduced into the mix – also from the email headers. That does trace to Singapore. The site doesn’t work and also traces to Singapore. Here is the domain info:

Record last updated at 2011-09-20 06:05:47
Record created on 1/18/2006
Record expired on 01/18/2014

Domain servers in listed order:

Unit 107, Marina Residence, No.8, Kabaaye Pagoda Rd

name:(Eden Group Co., Ltd.)
Eden Group Company Limited
Technical Contactor:
#3/1, Myanmar Info-Tech, Universities Hlaing Campus

name:(Zaw HTUT)
Billing Contactor:
Unit 107, Marina Residence, No.8, Kabaaye Pagoda Rd

name:(Eden Group Co., Ltd.)
Eden Group Company Limited

Registration Service Provider:
name: Myanmars.NET
tel: +95.01652250
fax: +1.7079880300

So what we have here is likely a scammer from Singapore routing through a proxy server in Russia, and again through another via an innocent linen company in the US to send you his Paypal scam email. Now don’t go writing about his scheme on the internet will you? Dammit…….. I just did!

6 thoughts on “ – – Another Attempted Paypal Fraud

  1. ramona in Tolyo

    Thank you so much for the information. Net dummies like me need it!

  2. mike

    thanks for tracing this – interesting how you found out all this info – the scumbags also sent me this fake email and I googled to see if anybody else had it

    Keep up the good work

  3. Editor Post author

    Mike, all this info is out there and can be had from the net in minutes, if you know how and where to look using the email headers attached to any email.

    The reason the final routing is through the servers of a random company in the US is so email servers around the world don’t treat it as spam mail as they might with mail visibly originating in Russia or Singapore.

    Notice the address of the domain above is a campus. This is likely IT students in Singapore. Students are often behind such things.

    Professionals can cover their internet tracks better and know how to spell!

  4. Bradley Pool

    Thanks for that. Interesting to know the ins and outs of scammers. I always report fake paypal e-mails to paypal so they can investigate it. They should employ someone with your skill to track them down. Excellent work!!

  5. Ramona in Tokyo

    Thanks again! I just got another of these e-mails and have warned everyone on my staff not to open them.

    Ramona in Tokyo

  6. BEEARY58

    why does this yoyo keep using may email………. ( )

Leave a Reply

Your email address will not be published. Required fields are marked *

Why ask?